Almost always "there are warning signs. But they are not always listened to," she said.
Technical controls are vital as well. One of the most important is user authorization and access control, said Raffael Marty, chief security strategist at Splunk, a company that provides software to help firms search for data in large enterprise applications. Companies that lay off large numbers of people or that engage in a consolidation or merger need to first ensure that former employees no longer have access to internal systems and data, Marty said.
"If a person either leaves his company or is fired, you have to make sure that user account is disabled and that has to happen immediately," he said. In addition to terminating accounts, it's also important to monitor critical applications and activity logs to make sure those who previously had access to them can't access them through some other entry point, Marty said.
It's a good idea, in general, to monitor privileged user activity to ensure that those with elevated and administrative access rights are not using them to "rob you blind," added Ted Julian, vice president of marketing at Application Security, a vendor of database security tools. "Some sort of monitoring on your most sensitive systems is a must. You need that safety," in addition to whatever other controls might be in place, he said.
The increased use of portable devices, such as laptops and handhelds, and removable media, such as USB memory sticks and iPods, has also made it easier for rogue insiders to walk away with large amounts of corporate data. Analysts for sometime have said that it's important for companies to have measures in place for centrally controlling and monitoring which devices can be attached to corporate networks and systems and what data can be downloaded, uploaded and stored on them.
Another category of tools used by companies as a measure against data theft is the so-called data leak prevention tools that keep an eye on network traffic to ensure that protected information doesn't go outside in an unauthorized manner.